Tag: w32 fasec

I’ve removed viruses with W32 in their names on hundreds of computers, and they’ve all been difficult to remove. W32 Fasec and W32-Patched kg are two of the most common and stubborn. Usually W32 viruses are video codec or flash drive viruses. That means you got it from downloading a video codec or from an infected flash drive or stick. W32 means they are rootkits, embedded in the root in the system32 section of Windows, as the name W32 implies. They aggressively disarm antivirus and anti-spyware programs by not allowing the anti-malware to run, even in Safe Mode.

I’ve been able to run Avast in Safe Mode to make the first inroad to removal. Then I zap them with ComboFix and Malwarebytes. That usually does it.

I imagine most techs reformat the hard drives of the computers infected with this virus, since a repair install doesn’t remove it. Reformatting isn’t necessary and is hard on the client (that means you). However, if your tech insists, ask him or her to back up your data before reformatting. Then immediately install Malwarebytes and either AVG or Avast on your clean install. If he or she won’t save your data, get a different tech and show him or her this post. You don’t have to lose everything, really, you don’t.

This is what I do with anything spyware or virus w32. The w32 action plan! The W32 Removal tool! Ta da. I boot into Safe Mode by tapping the F8 key as the computer boots up. You have to tap at the right point or else you’ll just boot back into the normal mode, so try again if that happens. You should get a black and white screen with several boot options. Pick Safe Mode with Networking. “With Networking” means your internet will work. (In regular plain old Safe Mode it doesn’t.) Then you’ll get a question about whether you really want to go into Safe Mode or if you want to use System Restore. Yes, you do want Safe Mode. While in Safe Mode go on the Internet. Type “avast.com” into the address bar.

After downloading Avast, run it. It may ask you to do a boot scan. Say yes. Otherwise let it start up and you’ll get the funny silver-looking interface, which looks like a radio to me. Click the update button. The update button looks like Harry Potter’s scar or a lightning strike. After updating, run Avast again. You may have to keep going back into Safe Mode.

After Avast runs and gets rid of some of the w32, then download and run ComboFix and Malwarebytes.

With ComboFix, just follow the prompts and ignore all the dire warnings about using it without a helper; I’ve used it hundreds of times without one bad incident. If you can’t disable your antivirus as ComboFix suggests or don’t know how to disable it (has anyone tried to disable Norton or McAfee single-handedly? Good luck, they’re impossible to disable, especially if you’re infected with a virus), just go ahead anyway. I do, all the time. Your computer is terminal anyway if you don’t use ComboFix at this point and it can only help. While ComboFix runs, it will install the Recovery Console, scan for viruses, reboot your computer and create a log file.

After ComboFix, use Malwarebytes. I find it easy to run. Install it, then go to the Update button, then to the Scan. Do a quick scan first. Then a full scan.

Now you’re safely on your way home from the dangerous wilds of the W32 wilderness. You’ve fought off the W32 beast!! You’re a Ducktoes hero. You’re on your way home, your way home.